Security patches (or fixes): Patches created due to a report of a
potential or known security vulnerability, as verified by the
security team.

Critical bugfixes: Fixes for bugs introduced within a
new minor release cycle.

Skeleton package: Any package defined as a
Composer "project" type,
for the purpose of initiating a new project/application.

LTS: Long-Term Support.

Component support policy

This policy governs individual component packages.

When a new major release of a component is made, the previous minor
release enters its security support phase for a period of 12
months, receiving only critical bugfixes and security fixes.

Otherwise, a component remains in active support unless we
provide notice of deprecation/abandonment. Once such a notice is made,
the component will enter a security support phase for a period
of 12 months.

When a new minor release of a component is made, the previous minor
release is no longer supported and will not receive security fixes.

Users are encouraged to update to the latest supported version. As we follow
semantic versioning, your code will continue to
work without changes within the same major version.

Long Term Support Policy

This policy governs skeleton packages and their direct dependencies.
Direct dependencies are any Zend Framework dependencies listed in the skeleton
`composer.json`.
At the time of publication, skeleton applications we provide include:

New major versions will occur no sooner than 2 years after a major
version is released.

When a new major version is released, the previous minor release will enter a
security support phase for a period of 2 years following the
date of the new major release. This means that the LTS is a minimum
of 4 years.

During the LTS period, all direct dependencies of the skeleton will
receive security support in the latest versions possible under
the version constraints as listed in the skeleton application's
composer.json file.

Adopting an LTS version

Opting-in to an LTS version of a component can be done using
Composer:

$ composer require "{package}:^{version}"

The above will modify your composer.json to provide a semantic
version constraint, ensuring you only get backwards-compatible updates to
the given package.

Current support versions

The following table includes a list of all components, along with its current
support status (Support or LTS), skeleton under which LTS is invoked (if any),
versions under support (multiple versions are possible when an LTS is present),
and date when support ends (if an LTS version or deprecated package).
When a component has multiple support statuses, it will be listed multiple
times, showing the specific status and version(s) it applies to. For LTS
components, the skeleton that provides the status is listed as well.